Malware in Appliances

Malware means software designed to function in ways that
mistreat or harm the user. (This does not include accidental errors.)

Malware and nonfree software are two different issues. The difference
between free software and
nonfree software is in
whether the users have control of the program or vice versa. It's
not directly a question of what the program does when it
runs. However, in practice nonfree software is often malware, because
the developer's awareness that the users would be powerless to fix any
malicious functionalities tempts the developer to impose some.

The suit accuses that this was done without the users' consent.
If the fine print of the app said that users gave consent for this,
would that make it acceptable? No way! It should be flat out
illegal to design the app to snoop at all.

For example, a cracker can gain access to the dishwasher's filesystem,
infect it with malware, and force the dishwasher to launch attacks on
other devices in the network. Since these dishwashers are used in hospitals,
such attacks could potentially put hundreds of lives at risk.

This shows that laws requiring products to get users' formal
consent before collecting personal data are totally inadequate. And
what happens if a user declines consent? Probably the TV will say,
“Without your consent to tracking, the TV will not
work.”

Proper laws would say that TVs are not allowed to report what the
user watches — no exceptions!

HP “storage appliances” that use the proprietary
“Left Hand” operating system have back doors that give HP
remote login access to them. HP claims that this does not give HP
access to the customer's data, but if the back door allows
installation of software changes, a change could be installed that
would give access to the customer's data.

The
“Cube” 3D printer was designed with DRM: it won't accept
third-party printing materials. It is the Keurig of printers. Now it is
being discontinued, which means that eventually authorized materials won't
be available and the printers may become unusable.

How pitiful that the author of that article says that there was
“nothing wrong” with designing the device to restrict users in
the first place. This is like putting a “cheat me and mistreat me”
sign on your chest. We should know better: we should condemn all companies
that take advantage of people like him. Indeed, it is the acceptance of
their unjust practice that teaches people to be doormats.

That page uses spin terms that favor DRM,
including
digital “rights” management
and “protect”,
and it claims that “artists” (rather than companies) are
primarily responsible for putting digital restrictions management into
these disks. Nonetheless, it is a reference for the facts.

A camera that records locally on physical media, and has no network
connection, does not threaten people with surveillance—neither
by watching people through the camera, nor through malware in the
camera.

It is possible to turn this off, but having it enabled by default
is an injustice already.

Tivo's alliance with Viacom adds 2.3 million households to the 600
millions social media profiles the company already monitors. Tivo
customers are unaware they're being watched by advertisers. By
combining TV viewing information with online social media
participation, Tivo can now
correlate TV advertisement with online purchases, exposing all
users to new combined surveillance by default.

Some web and TV advertisements play inaudible sounds to be picked
up by proprietary malware running on other devices in range so as to
determine that they are nearby. Once your Internet devices are paired
with your TV, advertisers can correlate ads with Web activity, and
other
cross-device tracking.

Spyware in LG “smart” TVs reports what the user
watches, and the switch to turn this off has no effect. (The fact
that the transmission reports a 404 error really means nothing; the
server could save that data anyway.)